CVE-2023-5150

Name of the Vulnerable Software and Affected Versions D-Link DAR-7000 versions up to 20151231 D-Link DAR-8000 versions up to 20151231

Description The issue is related to an unrestricted file upload vulnerability in the /useratte/web.php file of the D-Link DAR-7000 and DAR-8000 routers. This vulnerability can be exploited remotely, allowing an attacker to execute arbitrary commands. The manipulation of the file upload argument leads to this unrestricted upload. The products are no longer supported by the maintainer and should be retired and replaced.

Recommendations For D-Link DAR-7000 and DAR-8000 versions up to 20151231, consider retiring and replacing the products as they are no longer supported by the maintainer. As a temporary workaround, consider restricting access to the /useratte/web.php file to minimize the risk of exploitation. Avoid using the file upload argument in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.